Search

Find a vulnerability

Search criteria

    3 vulnerabilities found for ACERA 9010-24 by FURUNO SYSTEMS Co.,Ltd.

    CVE-2024-28744 (GCVE-0-2024-28744)

    Vulnerability from nvd – Published: 2024-04-08 00:16 – Updated: 2024-08-02 00:56
    VLAI
    Summary
    The password is empty in the initial configuration of ACERA 9010-08 firmware v02.04 and earlier, and ACERA 9010-24 firmware v02.04 and earlier. An unauthenticated attacker may log in to the product with no password, and obtain and/or alter information such as network configuration and user information. The products are affected only when running in non MS mode with the initial configuration.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Empty Password in Configuration File
    • CWE-258 - Empty Password in Configuration File
    Assigner
    Impacted products
    Vendor Product Version
    FURUNO SYSTEMS Co.,Ltd. ACERA 9010-08 Affected: firmware v02.04 and earlier
    Create a notification for this product.
    FURUNO SYSTEMS Co.,Ltd. ACERA 9010-24 Affected: firmware v02.04 and earlier
    Create a notification for this product.
    furunosystems acera_9010-08_firmware Affected: 0 , ≤ 02.04 (custom)
        cpe:2.3:o:furunosystems:acera_9010-08_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    furunosystems acera_9010-24_firmware Affected: 0 , ≤ 02.04 (custom)
        cpe:2.3:o:furunosystems:acera_9010-24_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:furunosystems:acera_9010-08_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "acera_9010-08_firmware",
                "vendor": "furunosystems",
                "versions": [
                  {
                    "lessThanOrEqual": "02.04",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:furunosystems:acera_9010-24_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "acera_9010-24_firmware",
                "vendor": "furunosystems",
                "versions": [
                  {
                    "lessThanOrEqual": "02.04",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-28744",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-31T18:13:16.617613Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-258",
                    "description": "CWE-258 Empty Password in Configuration File",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-31T18:16:55.662Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:56:58.148Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.furunosystems.co.jp/news/info/vulner20240401.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU99285099/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ACERA 9010-08",
              "vendor": "FURUNO SYSTEMS Co.,Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware v02.04 and earlier"
                }
              ]
            },
            {
              "product": "ACERA 9010-24",
              "vendor": "FURUNO SYSTEMS Co.,Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware v02.04 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The password is empty in the initial configuration of ACERA 9010-08 firmware v02.04 and earlier, and ACERA 9010-24 firmware v02.04 and earlier. An unauthenticated attacker may log in to the product with no password, and obtain and/or alter information such as network configuration and user information. The products are affected only when running in non MS mode with the initial configuration."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Empty Password in Configuration File",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-08T00:16:21.116Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.furunosystems.co.jp/news/info/vulner20240401.html"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU99285099/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-28744",
        "datePublished": "2024-04-08T00:16:21.116Z",
        "dateReserved": "2024-03-08T05:25:54.146Z",
        "dateUpdated": "2024-08-02T00:56:58.148Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-28744 (GCVE-0-2024-28744)

    Vulnerability from cvelistv5 – Published: 2024-04-08 00:16 – Updated: 2024-08-02 00:56
    VLAI
    Summary
    The password is empty in the initial configuration of ACERA 9010-08 firmware v02.04 and earlier, and ACERA 9010-24 firmware v02.04 and earlier. An unauthenticated attacker may log in to the product with no password, and obtain and/or alter information such as network configuration and user information. The products are affected only when running in non MS mode with the initial configuration.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Empty Password in Configuration File
    • CWE-258 - Empty Password in Configuration File
    Assigner
    Impacted products
    Vendor Product Version
    FURUNO SYSTEMS Co.,Ltd. ACERA 9010-08 Affected: firmware v02.04 and earlier
    Create a notification for this product.
    FURUNO SYSTEMS Co.,Ltd. ACERA 9010-24 Affected: firmware v02.04 and earlier
    Create a notification for this product.
    furunosystems acera_9010-08_firmware Affected: 0 , ≤ 02.04 (custom)
        cpe:2.3:o:furunosystems:acera_9010-08_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    furunosystems acera_9010-24_firmware Affected: 0 , ≤ 02.04 (custom)
        cpe:2.3:o:furunosystems:acera_9010-24_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:furunosystems:acera_9010-08_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "acera_9010-08_firmware",
                "vendor": "furunosystems",
                "versions": [
                  {
                    "lessThanOrEqual": "02.04",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:furunosystems:acera_9010-24_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "acera_9010-24_firmware",
                "vendor": "furunosystems",
                "versions": [
                  {
                    "lessThanOrEqual": "02.04",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-28744",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-31T18:13:16.617613Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-258",
                    "description": "CWE-258 Empty Password in Configuration File",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-31T18:16:55.662Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:56:58.148Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.furunosystems.co.jp/news/info/vulner20240401.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU99285099/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ACERA 9010-08",
              "vendor": "FURUNO SYSTEMS Co.,Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware v02.04 and earlier"
                }
              ]
            },
            {
              "product": "ACERA 9010-24",
              "vendor": "FURUNO SYSTEMS Co.,Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware v02.04 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The password is empty in the initial configuration of ACERA 9010-08 firmware v02.04 and earlier, and ACERA 9010-24 firmware v02.04 and earlier. An unauthenticated attacker may log in to the product with no password, and obtain and/or alter information such as network configuration and user information. The products are affected only when running in non MS mode with the initial configuration."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Empty Password in Configuration File",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-08T00:16:21.116Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.furunosystems.co.jp/news/info/vulner20240401.html"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU99285099/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-28744",
        "datePublished": "2024-04-08T00:16:21.116Z",
        "dateReserved": "2024-03-08T05:25:54.146Z",
        "dateUpdated": "2024-08-02T00:56:58.148Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2024-003051

    Vulnerability from jvndb - Published: 2024-04-02 18:03 - Updated:2024-04-02 18:03
    Severity
    Summary
    FURUNO SYSTEMS Managed Switch ACERA 9010 running in non MS mode with the initial configuration has no password
    Details
    In the initial configuration of Managed Switch ACERA 9010 provided by FURUNO Systems Co., Ltd., the password is empty (CWE-258) and the remote access service is enabled. The products are affected only when running in non MS mode with the initial configuration. FURUNO SYSTEMS Co.,Ltd. reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003051.html",
      "dc:date": "2024-04-02T18:03+09:00",
      "dcterms:issued": "2024-04-02T18:03+09:00",
      "dcterms:modified": "2024-04-02T18:03+09:00",
      "description": "In the initial configuration of Managed Switch ACERA 9010 provided by FURUNO Systems Co., Ltd., the password is empty (CWE-258) and the remote access service is enabled.\r\n\r\nThe products are affected only when running in non MS mode with the initial configuration.\r\n\r\nFURUNO SYSTEMS Co.,Ltd. reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN.",
      "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003051.html",
      "sec:cpe": [
        {
          "#text": "cpe:/o:furunosystems:furuno_systems_acera_9010-08",
          "@product": "ACERA 9010-08",
          "@vendor": "FURUNO SYSTEMS Co.,Ltd.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:furunosystems:furuno_systems_acera_9010-24",
          "@product": "ACERA 9010-24",
          "@vendor": "FURUNO SYSTEMS Co.,Ltd.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "8.8",
        "@severity": "High",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2024-003051",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/vu/JVNVU99285099/index.html",
          "@id": "JVNVU#99285099",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28744",
          "@id": "CVE-2024-28744",
          "@source": "CVE"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/258.html",
          "@id": "CWE-258",
          "@title": "Empty Password in Configuration File(CWE-258)"
        }
      ],
      "title": "FURUNO SYSTEMS Managed Switch ACERA 9010 running in non MS mode with the initial configuration has no password"
    }